Wireless Network Security RADIUS Server Installation
First, we will configure a RADIUS server using Windows 2000 Server, with 802.1x-TLS as the example.
Preparing to set up the RADIUS server:
Windows 2000 Server has a complete Active Directory configuration
The sample server has been set up as a Domain Controller, and DHCP/DNS is enabled on this server
For 802.1x, Windows 2000 Server must be upgraded to Service Pack 3. For WPA, Windows 2000 Server must be upgraded to Service Pack 4.
Step 1: Install the Certificate Authority
1 Log on to your Windows 2000 server as “Administrator” or with an ID that has Administrator authority
2 Go to “Start>Control Panel>Add or Remove Programs”
3 Select “Add or Remove Windows Components”
4 Tick “Certificate Service” and press “Next”
5 Click “Enterprise root CA” and press “Next”
6 Enter a CA name to identify this Certificate Service, then press “Next”
7 Specify the data storage location for the database and log files, then press “Next”
8 You will see “Computer processing Internet information service, you must stop this service to continue”; press “Yes” to continue
9 Press “Complete” to finish the wizard
Step 2: Configure the Certificate Authority
1 Go to “Start>Program files>System administrative tools>Certificate Authority”
2 Open “Wireless” (the CA you added to your system), right click “Policy Setting” and select “New”
3 Select “Certificate to Issue”
4 Select the two certificate templates “Authenticated Session” and “Smartcard Logon” by holding down the Ctrl key, and press “OK” to continue
8 Select “Computer configuration> Security Setting> Public Key Policies>
9 Right click “Automatic Certificate Request Setting”, select “New”, then click “Automatic Certificate Request……”
10 The Automatic Certificate Request Setup Wizard will guide you through the
11 Select the “Computer” certificate template and press “Next”
12 Press “Complete” to finish the Automatic Certificate Request configuration wizard
13 Go to “Start>Run”, type “CMD” and press Enter
14 At the command prompt, type “secedit /refreshpolicy machine_policy”
15 You can see a message as above
Step 3: Internet Authentication Service (RADIUS) Configuration
1 Go to “Start>Control Panel>Add or Remove Programs”
2 Select “Add or Remove Windows Components”, then select “Network Service”
3 Press “Details…” and select “Internet Authentication Service”
4 Go to “Start>Programs>System Administrative Tools>Internet Authentication Service”
5 Right click “Client” and click “New Client”
6 Enter a name to represent your Access Point and press “Next”
7 Key in a shared key for this Access Point
8 Press “Finish” to complete
9 Right click “Remote Access Policy” and select “New Remote Access Policy”
10 Type a name for the new policy and press “Next”
11 Select “Day-And-Time-Restrictions” and press “Add”
12 Tick “Permitted” and select the operating time for this service
13 Tick “Grant remote access permission” and click “Next”
14 Press “Edit Profile”
15 Select the authentication method: tick “Extensible Authentication Protocol” and select “Smart Card or other Certification” in Authentication. Press “OK” to complete the configuration
Note: If you need other authentication methods, please tick them here
16 Move this policy to the first position in the order (please confirm this)
17 Go to “Start>Program>System Administrative tools>Active Directory Users and Computers”
18 Right click a user who needs this service
19 Select “Dial-in”, tick “Allow Access” under Remote Access Permission, and press “OK” to complete the configuration
Note: If you will use another authentication method (for example, MD5 needs CHAP), please go to the “Authentication” page. TLS can use the default value
802.1x TLS Logon
Step 1: Get a CA
1 Connect your computer to a network that can reach the RADIUS Server (wired or wireless; if you use a wireless connection, please turn all security methods off first, otherwise you will fail on this step)
2 Open your browser (for example IE) and enter “RADIUS Server IP/certsrv” (for example “192.168.1.10/certsrv”). Please make sure IIS service of your Windows 2000 server is turn
5 Select “User certificate request” and press “Next”
6 User Certificate – Identifying Information: press “Submit”
7 A CA warning pop-up message appears; press “Yes”
8 Click “Install this certificate”
9 Confirm adding this CA by pressing “Yes”
10 Certificate Installed
Step 2: Configure the Access Point
1 Open the Access Point security configuration page
2 Select “802.1x”
3 Configure this page:
Lifetime: The period after which the key is changed
Length: Encryption length
IP: RADIUS Server IP
Port: Service port (standard RADIUS uses port 1812)
Shared Secret: The shared key on the RADIUS server (the one you set for this AP)
Note: If you have a backup server, please set up RADIUS server 2 as well
in the system tray at the lower right of your screen)
3 Select your Wireless LAN card, right click it and select “Properties”
4 Click “Wireless Network”
5 Select the Access Point you are going to connect to and click “Configuration” on its right
6 Select “OPEN System” for Network Authentication and use WEP encryption. Tick “The key is provided for me automatically”
7 Select the “Authentication” page. Tick “Enabled IEEE 802.1x Authentication for this Network”, select “Smart Card or other certificate” as the EAP type, and press “OK”
8 When the station connects to the AP, a connection process request will appear on your screen. Click it and you will see a pop-up window as below (if there is more than one CA on your system, you will see a CA selection screen first)
Note: Newer Windows versions can handle this automatically; you might see the last step directly
WPA Logon
Step 1: Request CA
Please refer to the 802.1x procedure for requesting a CA
Step 2: AP Configuration
1 Open the security web page on your Access Point
2 Select WPA on this page and press “Apply”
3 Go to the 802.1x Configuration page
Lifetime: The period after which the key is changed
Length: Encryption length
IP: RADIUS Server IP
Port: Service port (standard RADIUS uses port 1812)
Shared Secret: The shared key on the RADIUS server (the one you set for this AP)
Note: If you have a backup RADIUS server, please set up server 2 as well
Step 3: Connection as WPA
1 Here we will use the Windows XP Wireless Zero Configuration utility as the sample connection
Note: The settings page might be a bit different in different Windows XP versions
2 Right click “My Network Place” on your desktop and click “Properties” (or go to “Start/ Settings/ Network”, or double click the network icon that represents your wireless network in the system tray at the lower right of your screen)
3 Select your Wireless LAN card, right click it and select “Properties”
4 Click “Wireless Network”
5 Select the Access Point you are going to connect to and click “Configuration” on its right
6 Select “WPA” for Network Connection and use “TKIP” for Data Encryption
Note: Currently, the AES standard is not finalized yet; if your Access Point and station do support AES, you can select AES as well
7 Select the EAP type “Smart Card or other Certificate” and press “OK” to complete the setup
8 When the station connects to the AP, a connection process request will appear on your screen. Click it and you will see a pop-up window as below (if there is more than one CA on your system, you will see a CA selection screen first)
Note: Newer Windows versions can handle this automatically; you might see the last step directly